-
EDRSilencer red team tool used in attacks to bypass security
A tool for red-team operations called EDRSilencer has been observed in malicious incidents attempting to identify security tools and mute their alerts to management consoles.
- October 15, 2024
- 02:47 PM
3
-
macOS Sequoia change breaks networking for VPN, antivirus software
Users of macOS 15 'Sequoia' are reporting network connection errors when using certain endpoint detection and response (EDR) or virtual private network (VPN) solutions, and web browsers.
- September 20, 2024
- 11:45 AM
1
-
Sponsored Content
Free shadow SaaS inventory + security insightsDiscover all SaaS accounts ever created by anyone in your org, in minutes, along with insights on security risks and spend. Save time, money and effort by curbing SaaS sprawl and automating tasks like offboarding and user access reviews. Free trial.
-
RansomHub ransomware abuses Kaspersky TDSSKiller to disable EDR software
The RansomHub ransomware gang has been using TDSSKiller, a legitimate tool from Kaspersky, to attempt disabling endpoint detection and response (EDR) services on target systems.
- September 10, 2024
- 02:29 PM
- 0
-
PoorTry Windows driver evolves into a full-featured EDR wiper
The malicious PoorTry kernel-mode Windows driver used by multiple ransomware gangs to turn off Endpoint Detection and Response (EDR) solutions has evolved into an EDR wiper, deleting files crucial for the operation of security solutions and making restoration harder.
- August 28, 2024
- 02:57 PM
- 0
-
Ransomware gang deploys new malware to kill security software
RansomHub ransomware operators have been spotted deploying new malware to disable Endpoint Detection and Response (EDR) security software in Bring Your Own Vulnerable Driver (BYOVD) attacks
- August 15, 2024
- 02:01 PM
- 1
-
Notorious FIN7 hackers sell EDR killer to other threat actors
The notorious FIN7 hacking group has been spotted selling its custom "AvNeutralizer" tool, used to evade detection by killing enterprise endpoint protection software on corporate networks.
- July 17, 2024
- 05:11 PM
- 0
-
MATA malware framework exploits EDR in attacks on defense firms
An updated version of the MATA backdoor framework was spotted in attacks between August 2022 and May 2023, targeting oil and gas firms and the defense industry in Eastern Europe.
- October 18, 2023
- 11:17 AM
- 0
-
New Mockingjay process injection technique evades EDR detection
A new process injection technique named 'Mockingjay' could allow threat actors to bypass EDR (Endpoint Detection and Response) and other security products to stealthily execute malicious code on compromised systems.
- June 27, 2023
- 09:00 AM
- 0
-
Windows 11 KB5027231 also breaks Chrome for Cisco, WatchGuard EDR users
The Windows 11 22H2 KB5027231 cumulative update released during this month's Patch Tuesday also breaks Google Chrome on systems protected by Cisco and WatchGuard EDR and antivirus solutions.
- June 16, 2023
- 12:56 PM
- 1
-
Terminator antivirus killer is a vulnerable Windows driver in disguise
A threat actor known as Spyboy is promoting a Windows defense evasion tool called "Terminator" on the Russian-speaking forum RAMP (short for Russian Anonymous Marketplace).
- May 31, 2023
- 03:25 PM
- 0
-
SonicWall warns web content filtering is broken on Windows 11 22H2
Security hardware manufacturer SonicWall warned customers today of what it describes as a "limitation" of the web content filtering (WCF) feature on Windows 11, version 22H2 systems.
- February 08, 2023
- 05:57 PM
- 0
-
Sponsored Content
Using the Wazuh SIEM and XDR platform to meet PCI DSS compliance
Wazuh is a free, open source security platform that unifies XDR and SIEM capabilities. Here's how Wazuh helps implement PCI DSS compliance for your organization.
- January 31, 2023
- 10:05 AM
- 0
-
Antivirus and EDR solutions tricked into acting as data wipers
A security researcher has found a way to exploit the data deletion capabilities of widely used endpoint detection and response (EDR) and antivirus (AV) software from Microsoft, SentinelOne, TrendMicro, Avast, and AVG to turn them into data wipers.
- December 09, 2022
- 12:00 PM
- 3
-
Black Basta ransomware gang linked to the FIN7 hacking group
Security researchers at Sentinel Labs have uncovered evidence that links the Black Basta ransomware gang to the financially motivated hacking group FIN7, also known as "Carbanak."
- November 03, 2022
- 06:00 AM
- 0
-
VMware Carbon Black causing BSOD crashes on Windows
Windows servers and workstations at dozens of organizations started to crash earlier today because of an issue caused by certain versions of VMware's Carbon Black endpoint security solution.
- August 23, 2022
- 05:42 PM
- 3
